Documentation
Types
type Options
type Options struct {
// CAFile or CABytes specifies the CA bundle that should be used to verify
// connections to the Konnectivity server. One or the other can be specified,
// not both. REQUIRED.
CAFile string
CABytes []byte
// ClientCertFile or ClientCertBytes specifies the client certificate to be used
// to authenticate to the Konnectivity server (via mTLS). One or the other can
// be specified, not both. REQUIRED.
ClientCertFile string
ClientCertBytes []byte
// ClientKeyFile or ClientKeyBytes specifies the client key to be used to
// authenticate to the Konnectivity server (via mTLS). One or the other can be
// specified, not both. REQUIRED.
ClientKeyFile string
ClientKeyBytes []byte
// KonnectivityHost is the host name of the Konnectivity server proxy. REQUIRED.
KonnectivityHost string
// KonnectivityPort is the port of the Konnectivity server proxy. REQUIRED.
KonnectivityPort uint32
// ConnectDirectlyToCloudAPIs specifies whether cloud APIs should be bypassed
// by the proxy. This is used by the ingress operator to be able to create DNS records
// before worker nodes are present in the cluster.
// See https://github.com/openshift/hypershift/pull/1601
ConnectDirectlyToCloudAPIs bool
// ExcludeCloudAPIHosts is a list of hostnames to exclude when determining if a particular
// hostname is a CloudAPI hostname.
// This is needed in the case when we use an internal proxy whose hostname ends in
// one of the cloud API suffixes we check. We should not need to use the management cluster
// proxy to get to the endpoint.
ExcludeCloudAPIHosts []string
// ResolveFromManagementClusterDNS tells the dialer to fallback to the management
// cluster's DNS (and direct dialer) initially until the konnectivity tunnel is available.
// Once the konnectivity tunnel is available, it no longer falls back on the management
// cluster. This is used by the OAuth server to allow quicker initialization of identity
// providers while worker nodes have not joined.
// See https://github.com/openshift/hypershift/pull/2261
ResolveFromManagementClusterDNS bool
// ResolveFromGuestClusterDNS tells the dialer to resolve names using the guest
// cluster's coreDNS service. Used by oauth and ingress operator.
ResolveFromGuestClusterDNS bool
// ResolveBeforeDial tells the dialer to resolve names before creating a TCP connection
// through the Konnectivity server. This is needed by the HTTPS konnectivity proxy since the
// hostname to be proxied needs to be resolved before being sent to the user's proxy.
ResolveBeforeDial bool
// DisableResolver disables any name resolution by the resolver. This is used by the CNO.
// See https://github.com/openshift/hypershift/pull/3986
DisableResolver bool
// Client for the hosted cluster. This is used by the resolver to resolve names either via
// service name or via coredns. REQUIRED (unless DisableResolver is specified)
Client client.Client
// Log is the logger to use for the dialer. No log output is generated if not specified.
Log logr.Logger
}
Options specifies the inputs for creating a Konnectivity dialer.
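The rules stated in the Options comments (one of the File/Bytes forms, not both; the REQUIRED endpoint fields; Client waived only by DisableResolver) and the step that turns that material into an mTLS client configuration, as an added example that is not the package's own code. DialerOptions is a local stand-in for Options (HasClient replaces the controller-runtime Client), Validate and TLSConfig are assumptions about how such a check could be written rather than the package's API, and the self-signed certificate, host name and port are constructed fixtures.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"os"
	"time"
)

// DialerOptions is a stand-in for the page's Options, reduced to the fields that carry
// mTLS material and the endpoint. HasClient stands in for "Client != nil" (assumption).
type DialerOptions struct {
	CAFile, ClientCertFile, ClientKeyFile    string
	CABytes, ClientCertBytes, ClientKeyBytes []byte
	KonnectivityHost                         string
	KonnectivityPort                         uint32
	DisableResolver, HasClient               bool
}

// material enforces "one or the other, not both, REQUIRED" for a File/Bytes pair and returns the PEM bytes.
func material(name, file string, inline []byte) ([]byte, error) {
	switch {
	case file != "" && len(inline) > 0:
		return nil, fmt.Errorf("%sFile and %sBytes are mutually exclusive", name, name)
	case file != "":
		return os.ReadFile(file)
	case len(inline) > 0:
		return inline, nil
	}
	return nil, fmt.Errorf("%sFile or %sBytes is required", name, name)
}

// Validate applies the constraints from the Options doc comments and reports every violation at once.
func Validate(o DialerOptions) error {
	var errs []error
	check := func(name, file string, b []byte) {
		if _, err := material(name, file, b); err != nil {
			errs = append(errs, err)
		}
	}
	check("CA", o.CAFile, o.CABytes)
	check("ClientCert", o.ClientCertFile, o.ClientCertBytes)
	check("ClientKey", o.ClientKeyFile, o.ClientKeyBytes)
	if o.KonnectivityHost == "" || o.KonnectivityPort == 0 {
		errs = append(errs, errors.New("KonnectivityHost and KonnectivityPort are required"))
	}
	if !o.HasClient && !o.DisableResolver {
		errs = append(errs, errors.New("Client is required unless DisableResolver is set"))
	}
	return errors.Join(errs...) // nil when there are no violations
}

// TLSConfig builds the client tls.Config for the Konnectivity server: RootCAs pins the
// server to the supplied bundle, Certificates is the mTLS identity, ServerName drives hostname checks.
func TLSConfig(o DialerOptions) (*tls.Config, error) {
	if err := Validate(o); err != nil {
		return nil, err
	}
	ca, _ := material("CA", o.CAFile, o.CABytes)
	cert, _ := material("ClientCert", o.ClientCertFile, o.ClientCertBytes)
	key, _ := material("ClientKey", o.ClientKeyFile, o.ClientKeyBytes)
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(ca) {
		return nil, errors.New("CA bundle contains no parsable certificate")
	}
	pair, err := tls.X509KeyPair(cert, key)
	if err != nil {
		return nil, fmt.Errorf("client key pair: %w", err)
	}
	return &tls.Config{RootCAs: pool, Certificates: []tls.Certificate{pair}, ServerName: o.KonnectivityHost}, nil
}

// selfSignedPEM makes a throwaway ECDSA certificate and key (constructed fixture) so the example runs offline.
func selfSignedPEM() (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageCertSign, BasicConstraintsValid: true, IsCA: true}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalECPrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
}

func main() {
	certPEM, keyPEM := selfSignedPEM()
	opts := DialerOptions{CABytes: certPEM, ClientCertBytes: certPEM, ClientKeyBytes: keyPEM,
		KonnectivityHost: "konnectivity-server", KonnectivityPort: 8091, HasClient: true} // placeholder endpoint
	_, err := TLSConfig(opts)
	fmt.Println("good:", err)
	opts.CAFile = "/etc/konnectivity/ca.crt" // both CA forms given: rejected before any file is read
	fmt.Println("bad:", Validate(opts))
}
```

Validate runs before any parsing so a misconfigured Options value fails with every problem listed, and TLSConfig refuses to proceed on an empty or unparsable CA bundle rather than silently falling back to the system roots, which would let any publicly trusted certificate impersonate the Konnectivity server.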
type ProxyDialer
type ProxyDialer interface {
proxy.ContextDialer
proxy.Dialer
socks5.NameResolver
IsCloudAPI(string) bool
}
The ProxyDialer is the dialer used to connect via a Konnectivity proxy. It implements the ContextDialer and Dialer interfaces as well as the socks5.NameResolver interface, so that names can be looked up through the konnectivity tunnel when necessary.
func NewKonnectivityDialer
func NewKonnectivityDialer(opts Options) (ProxyDialer, error)
NewKonnectivityDialer creates a dialer that uses a konnectivity server as a tunnel to obtain a TCP connection to the target address. The dialer also includes a resolver that optionally uses the same konnectivity server to resolve names via the CoreDNS service in a hosted cluster.
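How a control-plane component consumes a ProxyDialer, as an added example that is not the package's or HyperShift's own code: the only method a caller needs is DialContext, which ProxyDialer gets from proxy.ContextDialer, so the example declares that one-method interface locally, hands it to an http.Transport, and stands a loopback dialer plus a local test server in for the Konnectivity tunnel and the in-cluster service. The interface name, the fake dialer, NewTunnelledClient and the example hostname are all constructed for the demonstration.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// ContextDialer is the method set ProxyDialer embeds from golang.org/x/net/proxy,
// declared locally (assumption) so this example needs no extra module.
type ContextDialer interface {
	DialContext(ctx context.Context, network, address string) (net.Conn, error)
}

// loopbackDialer stands in for the Konnectivity dialer: whatever in-cluster address
// the caller asks for, the connection is opened to one fixed backend, the way the real
// dialer sends every dial through the tunnel. It records the addresses requested.
type loopbackDialer struct {
	backend   string
	requested []string
}

func (d *loopbackDialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
	d.requested = append(d.requested, address)
	var nd net.Dialer
	return nd.DialContext(ctx, network, d.backend)
}

// NewTunnelledClient wires a ContextDialer into an http.Transport so every request,
// including ones to names that only resolve inside the hosted cluster, goes through it.
// Proxy is left nil so an ambient HTTP_PROXY cannot divert tunnelled requests.
func NewTunnelledClient(d ContextDialer) *http.Client {
	return &http.Client{
		Timeout:   10 * time.Second,
		Transport: &http.Transport{DialContext: d.DialContext, Proxy: nil},
	}
}

// FetchThroughTunnel issues a GET for an in-cluster style URL and returns the body.
func FetchThroughTunnel(d ContextDialer, url string) (string, error) {
	resp, err := NewTunnelledClient(d).Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return string(b), err
}

// newBackend starts a local HTTP server that plays the in-cluster service (constructed fixture).
func newBackend() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "hello %s", r.Host)
	}))
}

func main() {
	srv := newBackend()
	defer srv.Close()
	d := &loopbackDialer{backend: srv.Listener.Addr().String()}
	body, err := FetchThroughTunnel(d, "http://example.svc.cluster.local/healthz")
	fmt.Println(body, err, d.requested)
}
```

The request's Host header still names the in-cluster service while the TCP connection is made wherever the dialer decides, which is exactly the split the Konnectivity dialer relies on: name resolution and connection placement belong to the dialer, not to the HTTP client.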